extern/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-06-20 09:48:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update upload endpoint to check user has access to library

Browse Source
This commit is contained in:
advplyr 2025-06-11 16:14:51 -05:00
parent aac01d6d9a
commit a6f10ca48e
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
server/controllers/MiscController.js
View File

@ -59,6 +59,12 @@ class MiscController {
if (!library) {
return res.status(404).send('Library not found')
}
if (!req.user.checkCanAccessLibrary(library.id)) {
Logger.error(`[MiscController] User "${req.user.username}" attempting to upload to library "${library.id}" without access`)
return res.sendStatus(403)
}
const folder = library.libraryFolders.find((fold) => fold.id === folderId)
if (!folder) {
return res.status(404).send('Folder not found')